From: a...@bungia.bungia.mn.org (Shane P. McCarron)
Subject: Standards Update, Part 10: IEEE 1003.6; Security
Date: 1 Jan 89 17:54:23 GMT
Reply-To: Shane P. McCarron < a...@bungia.bungia.mn.org>
Approved: j...@longway.tic.com (Moderator, John S. Quarterman)
[ These Standards Updates are published after each IEEE 1003
meeting, and are commissioned by the USENIX Association.
See Part 1 for contact information. -mod ]
An update on UNIX|= Standards Activities - Part 10
POSIX 1003.6 Update
December 18, 1988
Shane P. McCarron, NAPS International
1003.6 - Security Extensions to POSIX
The 1003.6 committee met with the other POSIX committees in
Hawaii. At this meeting they decided to divide the work
into different groups. The groups were addressing: Audit,
Definitions, P1003.6 Scope, DAC (Discretionary Access
Control), and Privileges.
Each small working group met every day, and on the morning
of the final day of the meeting a wrap-up session was held
to update all the members on each working group's progress.
o+ Audit
The following information was presented:
- Satisfy TCSEC requirements.
- Reduce the number of changes to POSIX as
much as possible.
- Primarily to make audit trail entries.
- Portability for audit
- Audit Data Interchange Format.
2. Areas of Investigation:
- Event/Classes (what are they?)
- Pre/Post Selection Criteria
- SSO (System Security Officer) Interface
- Subsystem Interface
- Record/File Format
- IDs (audit ids,...)
- Detailed Input Requested
- Interim Event/Classes
- BNF for Audit Token Grammar
|= UNIX is a registered trademark of AT&T in the U.S. and
Note that the administration interface issues are
considered hands-off for now.
o+ Definitions
The following information was presented:
1. The structure of the definitions will be similar
to 1003.1 structure: terminology section,
conformance section, general terms, general
concepts and acronyms.
2. The draft 0 definitions were based on four
documents: ISO, ECMA, IEEE Std 1003.1-1988, and
the Orange Book.
3. The GOAL of this group is to assure that 1003.6
definitions are consistent with, and relevant to, the
1003.6 areas without overstepping or duplicating
existing definitions from other 1003.x groups.
Where a 1003.6 definition conflicts with a 1003.x
one, the action will be to propose a redefinition
of the term.
o+ P1003.6 Scope
The proposed Scope was discussed and the conclusion was
that it needed reworking. Identification and
Authentication (I&A) was considered not yet addressed,
as was trusted recovery (which the real-time people may
need), among others. In the draft, many of the issues
that will not be supported right now are marked as such
because of a lack of implementation experience or
insufficient technical maturity. The important point is
not whether we have the experience, but to be aware of
the areas where users want security and the areas where
the committee thinks security should be provided, and
to point them out in the Scope. If those areas become a
problem later, they can be dealt with at that time.
For the next draft of the 1003.6 document, the table of
contents will contain: Scope, Definitions, Feature
Overview, Existing 1003.1 Functions, Existing 1003.2
Commands, Section for Each Feature, and an Appendix.
The Feature Overview covers a discussion, functional
interface summary and command summary of each feature.
Then in the feature section there will be the
functions, commands, descriptions and security
In the appendix there will be a rationale that maps to
the document sections.
It was remarked that all the future features such as
Networking and System Administration should be
annotated in an appendix as areas that will be covered
o+ Discretionary Access Controls
This group was the one with the most activity,
generating a lot of conflicting ideas even within
itself. However, they did resolve to put together
first the Rationale section of the document and work on
the agreeable parts, then later debate the contentious
ones. One of the conflicting topics was default Access
Control Lists. This is probably needed, but apparently
will not be within the scope of the standard.
o+ Privileges
Privileges is a topic fraught with philosophy, and
computer professionals love to be philosophers. In
spite of this, definitions of privilege and certain
types of privileges were completed. A paper from IBM
was taken as a framework for the privilege section.
During the meeting a few operations were identified as
necessary, although the list is far from complete:
getpriv, setpriv, enable/disable_priv, droppriv.
Another issue brought to the whole group was
Internationalization, and the decision was not to address it
for as long as they can avoid it. This is unfortunate, as the
charter of POSIX is to be as international as possible. The
1003.1 committee learned the hard way that
internationalization cannot just be stapled on later. It must
be in there from day one or it becomes extremely difficult to
make it work. In the case of security, labeling is an area in
which internationalization is a must. If it is not placed in
there initially, it may never get in.
The upshot of all this is that the small groups produced the
guidelines for the next meeting and the topics that are
going to be covered for the near future.
This group has targeted mid-1990 for a complete draft ready
to ballot. The Usenix Standards Watchdog Committee contact
for this group is Anna Maria de Alvare. She can be reached at:
Anna Maria de Alvare
Lawrence Livermore National Laboratories
PO Box 808
Livermore, CA 94450
+1 (415) 422-7007
Volume-Number: Volume 15, Number 53